The material published in this web log is for general
purposes only. It does not constitute nor is it intended to represent
professional advice. You should always seek specific professional advice in
relation to particular issues. The information in this web log is provided "as
is" with no warranties and confers no rights. The opinions expressed herein are my own personal opinions.

Just a quick update to my earlier blog regarding the problems currently being faced by the University of Exeter. It seems the virus is exploiting known flaws in the Microsoft Vista and Microsoft Server 2008 platforms.

Zack Whittacker, who blogs for ZDNet, has a source inside the university here in Exeter. Apparently, the virus is mainly targeting Vista SP2 machines and the IT staff at the university are trying to use patch MS09-050 to reduce the attack surface.

It is understood that this virus has not been seen outside of the Exeter campus, but clearly demonstrates the disruption that a carefully crafted attack can cause.

There is a suggestion in Whittacker's blog that some critical patches had not been applied (using the Microsoft System Update Service).

We strongly believe that machines should regularly be checked to ensure that patches that should have been applied, actually have been applied. If the loop is not closed in this manner then these sorts of problems are eventually inevitable.

We are concerned that many SMEs, who often do not patch properly, may be at considerable risk if this virus escapes the Exeter campus.

In addition, I remain concerned about the zero-day virus threat. A virus that spreads quickly and easily such as this one, that exploits a flaw such as the one in Internet Explorer that saw Google hacked in China, with a drive-by infection capability on a site such as any of the international versions of Google would lead to huge economic disruption across the globe.

For starters, many people set Google as their home page, so in this apocalyptic scenario, they would be infected and spreading such a virus internally inside the organisational firewall without detection or defence the moment they went online...